Internal Infrastructure Testing

It is very common for organisations to have a secure external infrastructure but to overlook the security of their internal infrastructure. However, according to the facts, more attacks originate from within the company, and they tend to be a lot more expensive than external attacks. We can help you to prevent unauthorised access to your internal systems and resources by internal intruders, or even by external intruders who were able to compromise the external infrastructure.

The Internal Infrastructure Testing Methodology is divided into three distinct phases: Profiling, Assessment and Exploitation.

Profiling Phase

Information Gathering (Reconnaissance) techniques such as Enumeration, Footprinting, Fingerprinting and DNS/SMTP Reconnaissance will be performed to gather as much information as possible about the customer’s corporate network.

Specifically, the following techniques will be used to find and assess any security-related information:

Information Gathering (Reconnaissance)

Port Scanning (TCP/UDP)

Common Protocol Queries (SNMP/SMB/IKE/LDAP/DB)

Ping Sweeps (TCP/ICMP)

OS & Service Fingerprinting

Traceroutes (TCP/UDP/ICMP)

Active Directory User Enumeration

DNS Lookups & Zone Transfers (Forward/Reverse/Bruteforce)

Passive Sniffing

SMTP Enumeration (VRFY, EXPN, MAIL FROM/RCPT TO)

Using the above information gathering techniques, we will be able to profile the customer’s network as described below:

Assessment Phase

Both automated and manual vulnerability assessment will be performed against the customer’s internal infrastructure, based on the information found in the Profiling Phase, to ensure that all known and unknown vulnerabilities will be identified.

Specifically, the following vulnerability assessment techniques will be used:

Vulnerability Assessment

Automated Assessment – Vulnerability scanners will be used to identify potential risks.

Input Validation – An assessment of input validation will be performed to identify applications and services that fail to fully validate the input they receive from users (e.g. Buffer Overflows, SQL Injections etc.).

Insecure Protocols – Identifying protocols which allow authentication credentials to travel in clear-text format and are vulnerable to sniffing attacks.

Exploitation Phase

At the exploitation stage we will try to exploit and validate the existence of the identified vulnerabilities. Both online and offline password cracking techniques (e.g. Guessing, Dictionary, Hybrid, Brute-force) will be performed against password hashes (e.g. LM/NTLM) and/or authentication points found from previous steps of testing. In case of successful exploitation we will try to escalate privileges within applications, hosts and networks.